Tag Archive for: Website

Who’s Behind the 8Base Ransomware Website? – Krebs on Security


The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of the website’s code was written by a 36-year-old programmer residing in the capital city of Moldova.

The 8Base ransomware group’s victim shaming website on the darknet.

8Base maintains a darknet website that is only reachable via Tor, a freely available global anonymity network. The site lists hundreds of victim organizations and companies — all allegedly hacking victims that refused to pay a ransom to keep their stolen data from being published.

The 8Base darknet site also has a built-in chat feature, presumably so that 8Base victims can communicate and negotiate with their extortionists. This chat feature, which runs on the Laravel web application framework, works fine as long as you are *sending* information to the site (i.e., by making a “POST” request).

However, if one were to try to fetch data from the same chat service (i.e., by making a “GET” request), the website until quite recently generated an extremely verbose error message:

The verbose error message when one tries to pull data from 8Base’s darknet site. Notice the link at the bottom of this image, which is generated when one hovers over the “View commit” message under the “Git” heading.

That error page revealed the true Internet address of the Tor hidden service that houses the 8Base website: 95.216.51[.]74, which according to DomainTools.com is a server in Finland that is tied to the Germany-based hosting giant Hetzner.

But that’s not the interesting part: Scrolling down the lengthy error message, we can see a link to a private Gitlab server called Jcube-group: gitlab[.]com/jcube-group/clients/apex/8base-v2. Digging further into this Gitlab account, we can find some curious data points available in the JCube Group’s public code repository.

For example, this “status.php” page, which was committed to JCube Group’s Gitlab repository roughly one month ago, includes code that makes…


Hackers use Royal Family website to promote links to porn and casinos | UK News


Hackers are using the Royal Family’s website to promote thousands of links to pornography and online casinos (Picture: Getty/royal.uk)

The Royal Family’s website is being used by ‘Black Hat SEO’ hackers to promote thousands of links to pornography and other adult content.  

Google is investigating after the prestigious royal.uk address was hijacked by spammers posting blurbs in a mixture of Mandarin Chinese and English.

Searches on the engine show that the official URL has been ‘malformed’ to link to explicit and potentially harmful content elsewhere on the web.

The majority advertise casino and gambling sites while hundreds link to pornography in the attempt to boost search engine optimisation (SEO).

The royals are among the victims of a practice whereby hackers use the online presence of reputable organisations to promote grubby content and increase their rankings in valuable search engine listings.

Although there is no inappropriate material visible on the royal website itself, the rogue links show up in Google searches. The official title complete with the Royal Coat of Arms appears above each result. 

The royal.uk brand is being used to promote seedy content (Picture: Google)

The spammers are thought to have tampered with the royal domain’s metadata — the embedded words and descriptive data which tell people what the content is about. Crucially, it helps search engines understand and index web pages accurately. 

Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, said: ‘By Royal Appointment is one of the most valuable endorsements that a company can receive, and these hackers have found a way to gain credit via the back door. It looks like they have managed to insert some malicious code in the metadata of the official Royal Family website and hidden rogue links to all sorts of unsavoury pages.

‘Hackers often use phishing attacks to grab passwords, which can let them log in and edit the website metadata. 

‘Visitors to the website shouldn’t stumble across these links, but scammers are benefiting from the association with one of the world’s most prestigious domain names.’ 

Other trusted domain names have been used to promote and…


Madison teen, accused in Memorial bomb threats, now charged in New York with hacking a sports betting website


A Madison teen who still faces felony charges over bomb threats made at Memorial High School last year was arrested Thursday and charged by federal authorities in New York City with hacking an online sports betting website, which had user accounts that were then plundered.

The charges filed on Monday against Joseph H. Garrison, 18, in U.S. District Court for the Southern District of New York allege that in November — about three months after Garrison was charged and released for the Memorial threats — he launched what authorities called a “credential stuffing attack” to find username and password combinations, gleaned from sources on the “dark web,” that would work on other websites where users used the same username-password combinations.


That included the fantasy sports and sports betting website, which was not identified by name in the complaint.

He then sold the working combinations to buyers on the internet, according to a criminal complaint, and provided detailed instructions on how to use them on the betting site. The buyers used them to steal about $600,000 from the site’s user accounts, the complaint states.



A credential stuffing attack uses a computer program to rapidly attempt to log into financial accounts using a list of known username-password combinations to search for working logins. 

Buyers took money from about 1,600 of the site’s 60,000 accounts that were accessed using the stolen credentials, the complaint states.

Intruders were able to clear out an individual user account by setting up a new payment method and depositing $5 into the account to verify it, then withdrawing the account’s balance through that new payment method, the complaint states.

Investigators identified Garrison as the person who carried out…


What Are Internet Security Issues #shorts